Cannot access FastE Ports from T1

jboudreau73 · ‎08-25-2007

What would prevent me from accessing(pinging) my FastE ports from outside my network.

I have 2 T1 lines multiplexed on the router and 2 FastE ports configured on different subnets.

Nothing has changed in my config and now all of a sudden I cannot access my LAN.

ISP claims nothing has changed on their end and I fail to believe that.

If i telnet into the router, I can ping all of my LAN interfaces. Also, my LAN is unable to access the internet.

I have a 2611XM router that sits outside the firewall directly connected to 2 T1 Serial Interfaces.

---

Current configuration : 1925 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname xxxxxxxxxxxxxxxxxxxx

!

boot-start-marker

boot-end-marker

!

enable secret xxxxxxxxxxxxxxxxxxxx

!

no network-clock-participate slot 1

no network-clock-participate wic 0

no aaa new-model

ip subnet-zero

no ip source-route

ip cef

!

ip name-server xxx.xxx.xxx.16

ip name-server xxx.xxx.xxx.10

no ftp-server write-enable

!

class-map match-all xxxxxxxxxxxxxx1-class

match access-group 199

!

policy-map 2-class-short-pipe-egress-xxxxxxxxxxxxxx

class xxxxxxxxxxxxxx1-class

priority 640

class class-default

fair-queue

!

interface Multilink3

description Multilink PPP

ip address xxx.xxx.xxx.214 255.255.255.252

service-policy output 2-class-short-pipe-egress-xxxxxxxxxxxxxx

ppp multilink

ppp multilink group 3

!

interface FastEthernet0/0

ip address xxx.xxx.xxx.1 255.255.255.224

duplex auto

speed auto

!

interface Serial0/0

description T-11

ip address xxx.xxx.xxx.250 255.255.255.252

encapsulation ppp

load-interval 30

no fair-queue

ppp multilink

ppp multilink group 3

!

interface FastEthernet0/1

ip address xxx.xxx.xxx.149 255.255.255.252

speed 100

full-duplex

!

interface Serial0/1

description T1-2

ip address xxx.xxx.xxx.230 255.255.255.252

encapsulation ppp

load-interval 30

no fair-queue

ppp multilink

ppp multilink group 3

!

ip classless

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.213

no ip http server

!

access-list 199 permit ip host xxx.xxx.xxx.20 host xxx.xxx.xxx.120

access-list 199 permit ip host xxx.xxx.xxx.120 host xxx.xxx.xxx.20

access-list 199 permit ip host xxx.xxx.xxx.26 host xxx.xxx.xxx.150

access-list 199 permit ip host xxx.xxx.xxx.150 host xxx.xxx.xxx.26

!

line con 0

line aux 0

line vty 0 4

password xxxxxxxxxxxxxxxxxxxxxxxx

login

!

end

Joseph W. Doherty · ‎08-25-2007

If I understand your question, this router is connected to an Internet ISP and you have lost connectivity both to/from your inside LAN, yet the link is up and you can ping the far (ISP) side of the link?

If true, what does a traceroute from this router show going outbound?

You might want to try a Looking Glass server; see if you internal network is advertised and try an inbound traceroute to your LAN.

PS:

From your prior post, about poor performance for vidconf traffic, is this same router? The other side of the WAN link has similar QoS settings to place your vidconf traffic in LLQ; and it does? Reason I ask, as I wrote before, I'm surprised you were seeing performance issues.

jboudreau73 · ‎08-25-2007

Yes this is the same router. I contaced the ISP to separate the multiplexed T1 lines and they said they were going to work on it. After getting off the phone with them, my link went down and never came back up. they stated that they never made any changes, which i find hard to believe.

Yes other side of the WAN link had QoS settings that are similar. Our video conf system sends audio and video as separate packets and rejoins them when they are recieved. Video was always good, but audio was lost when other network activity was present. If no other network activity was present, the video and audio were fine.

jboudreau73 · ‎08-25-2007

Network issue has been resolved. apparently one of the engineers deleted some routing from their router.

Thanks for the reply

Joseph W. Doherty · ‎08-25-2007

Oh, so that's what the route statement was for. ;)

Glad to read you got it fixed. Hope your split gives you the result you need.

PS:

On vidconf, I had thought the video might be separate from voice, which is why I asked about ALL the video traffic. When I saw your ACL, I also presumed you were targeting the two end devices, which is fine if the devices don't generate other traffic.

Your last comment about the video being good but not audio, still has me scratching my head. Live video usually isn't all that much more robust them voice; often just bigger stream with wider spread in the instantaneous bit rate. Again, hope the split does the job for you.

One last thing you could try, if you put mixed traffic on same link (which could now happen if you lose just one circuit), put the voice in LLQ and mark the video with something like DSCP CS4, which would give it extra weight within FQ.

jboudreau73 · ‎08-25-2007

Thanks for all the input and advice. I will try some of the suggestions.

Joseph W. Doherty · ‎08-28-2007

Footnote:

Yesterday, doing some research on MLP for a different problem. Came across a feature that I was unaware of, Multiclass Multilink PPP. Maybe a solution for your original performance issue?

See http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bd7.html

jboudreau73 · ‎08-28-2007

Thanks so much for posting this. I will try to test this and see if it resolves some of the issues before I un-bundle the T1's.

Joseph W. Doherty · ‎08-28-2007

Your welcome. If possible, post results, good or bad.